package com.jinbei.filter;

import com.jinbei.security.XssHttpServletRequestWrapper;
import org.springframework.core.annotation.Order;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;

/**
 * @author zflu
 * xss Filter
 * Created by lucky on 2018/8/6.
 */
@WebFilter("/*")
@Order(1)
public class XssFilter implements Filter{

    /**
     * 加密key 本地线程存储
     * 该filter为第一个filter
     */
    public ThreadLocal<String> ENCRYPT_KEY = new ThreadLocal<>();

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        XssHttpServletRequestWrapper request = new XssHttpServletRequestWrapper((HttpServletRequest) servletRequest);

        //如果请求方法需要加密/解密 对加密key赋值
//        ENCRYPT_KEY.set(request.getParameter(Contants.ENCRYPT_KEY_NAME));

        filterChain.doFilter(request,servletResponse);
    }

    @Override
    public void destroy() {
    }
}
